- var_dump: documentation ( source)
- preg_replace: documentation ( source)
<?php
$regex = '/(?=xyz\Kaa)./';
$subject = "aaaaxyzaabaa";
// Comment/uncomment below as wanted.
// All 3 functions are vulnerable (note, other functions are affected as well)
$x=preg_replace($regex, '',$subject);
var_dump($x);